14th Annual Computer Security Applications Conference
December 7-11, 1998
Phoenix, Arizona


Authorization in Enterprise-wide Distributed System A Practical Design and Application

Vijay Varadharajan, Chris Crall and Joe Pato

As companies migrate from a centralized to a distributed computing environment, the administration and management of security policies, in particular authorization policies, is becoming an increasingly difficult task. This paper considers the design of an authorization system that is suitable for distributed applications. It discusses the architectural design principles, describes the constructs of the authorization policy language amd outlines the authorization service and components involved. The paper gives some example policy specifications and illustrates how privileges are specified and evaluated as well as how privilege resolutions are achieved.